Troj/Agent-GZC when run drops the following files:
<Program files>\Internet Explorer\PLUGINS\WinSys16.Sys
<Program files>\Internet Explorer\PLUGINS\WinSys16.Tao
The files WinSys16.Sys and WinSys16.Tao are both detected as Troj/Agent-GZC.
Troj/Agent-GZC also installs itself as a class at the following registry location:
HKCR\CLSID\{1AB1F65A-964F-4AE7-B254-05146A0E602E}
Troj/Agent-GZC also installs itself as a Explorer Browser Helper Object using the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{1AB1F65A-964F-4AE7-B254-05146A0E602E}
""
Troj/Agent-GZC also configures the class to autorun using the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{1AB1F65A-964F-4AE7-B254-05146A0E602E}
""